Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

Search engines (bing, yahoo...) & all google pages (mail, calendar...) refuse to load



 
 
Old 08-18-2011, 05:20 AM   #1
Registered Member
 
Join Date: Aug 2011
Posts: 28
OS: XP



Good morning! I think I am posting everything as requested - if there's anything else you need to help me or I am submitting incorrectly, please let me know. Thank you! ~Robyn

My situation

My computer started having problems a few days ago with redirects when clicking on search results. My virus scanner seemed to be catching issues and everything else seemed fine so I did a few extra scans... On Tuesday evening, the problem escalated to refusing to open any google sites (including gmail or search pages) and any other sites that weren't typed in directly, restarting, and refusing to run other programs as well (i.e. TweetDeck, internet aircard, etc.). I ran more virus scans (for pretty much all day yesterday - and removed a lot of viruses...), updated java, and installed a registry cleaner program (CCleaner). I can now search via AOL search and visit any website I type in myself (my internet aircard, TweetDeck, and other programs seem to be okay too), but still have no access to gmail or other google, yahoo, bing search pages. I finally gave in and took the computer to Best Buy last night - they couldn't find the problem and suggested a system restore/new computer purchase. I can't find the disks (I've moved a few times) and know I definitely need a new computer, but would prefer to wait a few weeks when I will have more time to select the right one (due to a big work project with a hard deadline, I won't have time to research options until that's completed).

To summarize - I (and GeekSquad) am not sure what the problem with my computer is (hopefully you can help), but I cannot access any google programs or search engines (aside from AOL search). My main concern is accessing my e-mail (via gmail) and maintaining use of my computer (at least the function of these other programs) until I have time to select a new one.

NOTE: I am also posting other information in the Blue Screen of Death forum because I had some problems there too; I'm not sure if/how these issues are related (or which may be causing the other).

Thank you so much for any assistance you can provide!

My logs (per the instructions)
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Administrator at 6:02:40 on 2011-08-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3001.1802 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\AccelerometerSt.Exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe
C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
C:\Program Files\Sprint\Sprint SmartView\bmctl.exe
C:\Program Files\Sprint\Sprint SmartView\SwiApiMuxCdma.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Sprint\Sprint SmartView\bmop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Alwil Software\Avast5\defs\11081701\Sf.bin
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2737658
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=all&pf=cmnb
BHO: {0db186c1-71fa-46fc-b8fe-aba6e48429fe} - c:\windows\system32\adsmsext32.dll
BHO: {122833c0-4dc4-4afd-aff5-68ef35c4834b} - c:\windows\system32\adsmsext32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - c:\program files\freeonlineradioplayerrecorder\prxtbFre2.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - c:\program files\freeonlineradioplayerrecorder\prxtbFre2.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.Exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [RDVCHG] "c:\program files\sprint\sprint smartview\RDVCHG.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{5F3ACD67-FDA0-46FF-B169-A90C6FDC8578} : NameServer = 68.28.250.92 68.28.242.91
TCP: Interfaces\{FDB2F962-36AC-49AF-8359-361602F25111} : DhcpNameServer = 168.94.0.14 168.94.0.15
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\kbdbene32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 80.79.117.219 Google
Hosts: 80.79.117.220 search.yahoo.com
Hosts: 80.79.117.220 Bing
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ltgdl92n.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCltInst11.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCltInstall.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-3-28 24064]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-18 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-8 309848]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-15 182576]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-8 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-8 42184]
R2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2010-1-11 82944]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-5-14 34184]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-6-24 193840]
.
=============== Created Last 30 ================
.
2011-08-18 09:15:04 -------- d-----w- c:\program files\CCleaner
2011-08-17 19:51:20 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-17 19:51:20 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-08-17 19:51:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-16 04:04:00 0 ---ha-w- c:\documents and settings\administrator\kdbdauwlxw.tmp
2011-08-15 20:30:36 157184 ----a-w- c:\windows\system32\kbdbene32.dll
2011-08-15 20:30:26 331776 ----a-w- c:\windows\system32\adsmsext32.dll
2011-08-11 10:09:00 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-11 10:06:58 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-07-24 21:25:59 -------- d-----w- c:\program files\TweetDeck
.
==================== Find3M ====================
.
2011-08-15 10:57:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-02 18:50:18 72080 ----a-w- c:\documents and settings\administrator\g2mdlhlpx.exe
2011-07-29 18:39:17 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 01:21:36 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 6:05:25.79 ===============
Attached Files
File Type: zip ark.zip (17.8 KB, 42 views)
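The DDS log above is what a helper reads by hand. As an added example, not from this thread or from the DDS tool itself, here is a small Python checker that parses the "Pseudo HJT Report" line shapes and flags the indicators a helper keys on: Hosts entries that point a name at a routable address instead of a loopback sinkhole, BHOs registered without a display name, and any AppInit_DLLs entry. The sample input is copied from the log above; the Finding names and severities are my own labels.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the "Pseudo HJT Report"
# section of the DDS log posted above (hxxp is DDS's own defanging).
SAMPLE_DDS = r"""
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2737658
BHO: {0db186c1-71fa-46fc-b8fe-aba6e48429fe} - c:\windows\system32\adsmsext32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TCP: Interfaces\{5F3ACD67-FDA0-46FF-B169-A90C6FDC8578} : NameServer = 68.28.250.92 68.28.242.91
AppInit_DLLs: c:\windows\system32\kbdbene32.dll
Hosts: 80.79.117.219 Google
Hosts: 80.79.117.220 search.yahoo.com
Hosts: 80.79.117.220 Bing
"""


@dataclass(frozen=True)
class Finding:
    """One indicator pulled from the log (tags and severities are my own)."""
    severity: str  # "high" (hijack/persistence) or "review" (needs a human look)
    kind: str      # short tag: hosts-redirect, unnamed-bho, appinit-dll
    detail: str    # the part of the log line that matters


# DDS line shapes this checker understands.
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
BHO_RE = re.compile(
    r"^BHO:\s+(?:(?P<name>.+?):\s+)?\{(?P<guid>[0-9a-f-]{36})\}\s+-\s+(?P<path>.+)$",
    re.IGNORECASE,
)
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s+(.+)$", re.IGNORECASE)


def is_sinkhole(ip_text: str) -> bool:
    """A legitimate blocking hosts entry maps a name to loopback or 0.0.0.0.
    Any other (routable) address silently sends the name somewhere else."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def analyze_dds(text: str) -> list[Finding]:
    """Walk the pseudo-HJT lines and return the indicators found, in log order."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := HOSTS_RE.match(line):
            ip, host = m.groups()
            if not is_sinkhole(ip):
                # The shape behind "search engines refuse to load": the name
                # resolves locally to an address the user never chose.
                findings.append(Finding("high", "hosts-redirect", f"{host} -> {ip}"))
        elif m := BHO_RE.match(line):
            # Legitimate add-ons register a display name; a bare GUID plus a
            # DLL in system32 deserves a second look, not an automatic verdict.
            if not m.group("name"):
                findings.append(Finding("review", "unnamed-bho", m.group("path")))
        elif m := APPINIT_RE.match(line):
            # AppInit_DLLs loads the DLL into every process that links user32.dll,
            # so any entry is a persistence mechanism until proven benign.
            findings.append(Finding("high", "appinit-dll", m.group(1)))
    return findings


def redirected_names(findings: list[Finding]) -> list[str]:
    """Names the hosts file is diverting, to match against the reported symptoms."""
    return [f.detail.split(" -> ")[0] for f in findings if f.kind == "hosts-redirect"]


if __name__ == "__main__":
    results = analyze_dds(SAMPLE_DDS)
    for f in results:
        print(f"[{f.severity:6}] {f.kind:15} {f.detail}")
    print("diverted:", ", ".join(redirected_names(results)))
```

Run against the sample, the three diverted names are exactly the sites the poster reports as unreachable, while a blocklist-style entry such as `127.0.0.1 ads.example.test` is left alone.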
 
Old 08-18-2011, 07:06 AM   #2
Registered Member
 
Join Date: Aug 2011
Posts: 28
OS: XP



Okay - so most of my problems seem to have resolved themselves :)

Remaining Issues
1. Search results when clicked (in google only for now, it appears) redirect to hxxp://www.moonsearch.com or another unwanted advertisement page.
2. My TweetDeck won't open (crashes and requests submission of report to Microsoft).

Thanks again so much for your help!
Old 08-18-2011, 07:24 AM   #3
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Hello,

I see where you've reported this post to be removed, but the log shows signs of infection.

If you would still like help with that, and since changes may have been made causing a partial resolution to the issue, please post new logs from DDS.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
 
Old 08-18-2011, 08:54 AM   #4
Registered Member
 
Join Date: Aug 2011
Posts: 28
OS: XP



Hi tetonbob,

Yes, please - you are correct, it seems that I made my request prematurely, the problem is not solved.

Chrome has been closing unexpectedly. Also, I just had to restart my computer after running scans (I have redone them again to post here) because my internet aircard program stopped working last time I tried to submit... This warning came back again when I restarted: "PTChangeFilterService.exe encountered a problem and needed to close."

Note: I have attached the updated gmer results too (not sure if you needed those again too).

New scans

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Administrator at 10:27:50 on 2011-08-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3001.1953 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\AccelerometerSt.Exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe
C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\MozyHome\mozystat.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
C:\Program Files\Sprint\Sprint SmartView\bmctl.exe
C:\Program Files\Sprint\Sprint SmartView\SwiApiMuxCdma.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Sprint\Sprint SmartView\bmop.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2737658
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=all&pf=cmnb
BHO: {0db186c1-71fa-46fc-b8fe-aba6e48429fe} - c:\windows\system32\adsmsext32.dll
BHO: {122833c0-4dc4-4afd-aff5-68ef35c4834b} - c:\windows\system32\adsmsext32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - c:\program files\freeonlineradioplayerrecorder\prxtbFre2.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - c:\program files\freeonlineradioplayerrecorder\prxtbFre2.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.Exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [RDVCHG] "c:\program files\sprint\sprint smartview\RDVCHG.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{5F3ACD67-FDA0-46FF-B169-A90C6FDC8578} : NameServer = 68.28.250.92 68.28.242.91
TCP: Interfaces\{FDB2F962-36AC-49AF-8359-361602F25111} : DhcpNameServer = 168.94.0.14 168.94.0.15
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\kbdbene32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 80.79.117.219 Google
Hosts: 80.79.117.220 search.yahoo.com
Hosts: 80.79.117.220 Bing
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ltgdl92n.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCltInst11.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCltInstall.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-3-28 24064]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-18 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-8 309848]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-15 182576]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-8 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-8 42184]
R2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2010-1-11 82944]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-5-14 34184]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-6-24 193840]
.
=============== Created Last 30 ================
.
2011-08-18 12:34:58 -------- d-----w- c:\program files\TweetDeck
2011-08-18 09:15:04 -------- d-----w- c:\program files\CCleaner
2011-08-17 19:51:20 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-17 19:51:20 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-08-17 19:51:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-16 04:04:00 0 ---ha-w- c:\documents and settings\administrator\kdbdauwlxw.tmp
2011-08-15 20:30:36 157184 ----a-w- c:\windows\system32\kbdbene32.dll
2011-08-15 20:30:26 331776 ----a-w- c:\windows\system32\adsmsext32.dll
2011-08-11 10:09:00 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-11 10:06:58 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
.
==================== Find3M ====================
.
2011-08-15 10:57:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-02 18:50:18 72080 ----a-w- c:\documents and settings\administrator\g2mdlhlpx.exe
2011-07-29 18:39:17 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 01:21:36 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 10:28:55.42 ===============
Attached Files: attach.zip (20.1 KB)
Old 08-18-2011, 09:23 AM   #5
TSF Security Manager
Emeritus
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Hi robynrld,

I'm not sure removing the malware I do see will address all the other issues, but let's start there.



Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

  1. Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

    The Recovery Console was successfully installed.



    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
Old 08-18-2011, 11:19 AM   #6
Registered Member
 
Join Date: Aug 2011
Posts: 28
OS: XP



Hi again,

When I was installing the program, it got stuck on C:\32788R22FWJFW\iexplore.exe twice (I pressed retry and then ignore, but then it waited for 20 minutes, so I quit, and restarted - I pressed retry and then ignore again and it finished). The program took about 40 minutes to run (but was obviously working, so I let it be) and didn't restart my computer.

Here is the log the program produced:

ComboFix 11-08-18.02 - Administrator 08/18/2011 12:39:27.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3001.1662 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\ADMINI~1\LOCALS~1\Temp\nsxA.tmp\PEV.DAT
c:\documents and settings\Administrator\Application Data\EurekaLog
c:\documents and settings\Administrator\Application Data\Local
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\0.ddi
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\1.ddi
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\settings.ddi
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\shark.tank.s01e11.pdtv.xvid-2hd_ns.avi.ddr
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\shark.tank.s01e11.pdtv.xvid-2hd_ns.avi.ddp
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{00da157d-dd8e-4517-901c-7bd9cc10510a}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{00da157d-dd8e-4517-901c-7bd9cc10510a}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{00da157d-dd8e-4517-901c-7bd9cc10510a}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{00da157d-dd8e-4517-901c-7bd9cc10510a}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{00da157d-dd8e-4517-901c-7bd9cc10510a}\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{2ba9fabf-300a-45bf-9538-b4272bf4e9eb}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{2ba9fabf-300a-45bf-9538-b4272bf4e9eb}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{2ba9fabf-300a-45bf-9538-b4272bf4e9eb}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{2ba9fabf-300a-45bf-9538-b4272bf4e9eb}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{2ba9fabf-300a-45bf-9538-b4272bf4e9eb}\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{3fdb1d81-9545-48a0-96a8-a879b33feb8f}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{3fdb1d81-9545-48a0-96a8-a879b33feb8f}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{3fdb1d81-9545-48a0-96a8-a879b33feb8f}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{3fdb1d81-9545-48a0-96a8-a879b33feb8f}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{3fdb1d81-9545-48a0-96a8-a879b33feb8f}\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{647d08b6-e2cc-43b1-b0b1-f186f369b21c}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{bf4c6c81-6298-4a48-9363-7ac92ac54388}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{bf4c6c81-6298-4a48-9363-7ac92ac54388}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{bf4c6c81-6298-4a48-9363-7ac92ac54388}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{bf4c6c81-6298-4a48-9363-7ac92ac54388}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{bf4c6c81-6298-4a48-9363-7ac92ac54388}\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{c39c1744-0bf9-4160-8dfd-389e141f2d85}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{c39c1744-0bf9-4160-8dfd-389e141f2d85}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{c39c1744-0bf9-4160-8dfd-389e141f2d85}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{c39c1744-0bf9-4160-8dfd-389e141f2d85}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{c39c1744-0bf9-4160-8dfd-389e141f2d85}\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{cebcb5ab-2614-4306-a4d6-adac7293bf57}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{cebcb5ab-2614-4306-a4d6-adac7293bf57}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{cebcb5ab-2614-4306-a4d6-adac7293bf57}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{cebcb5ab-2614-4306-a4d6-adac7293bf57}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{cebcb5ab-2614-4306-a4d6-adac7293bf57}\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{d149ea64-40b0-4daa-b957-b25da6e33e49}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{d149ea64-40b0-4daa-b957-b25da6e33e49}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{d149ea64-40b0-4daa-b957-b25da6e33e49}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{d149ea64-40b0-4daa-b957-b25da6e33e49}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{d149ea64-40b0-4daa-b957-b25da6e33e49}\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{fac1e032-73b1-4595-9c2c-59a53eb862ce}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{fac1e032-73b1-4595-9c2c-59a53eb862ce}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{fac1e032-73b1-4595-9c2c-59a53eb862ce}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{fac1e032-73b1-4595-9c2c-59a53eb862ce}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\extensions\{fac1e032-73b1-4595-9c2c-59a53eb862ce}\install.rdf
c:\documents and settings\Administrator\g2mdlhlpx.exe
c:\documents and settings\Administrator\kdbdauwlxw.tmp
c:\documents and settings\Administrator\Local Settings\Temp\nsxA.tmp\PEV.DAT
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{00da157d-dd8e-4517-901c-7bd9cc10510a}
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{00da157d-dd8e-4517-901c-7bd9cc10510a}\chrome.manifest
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{00da157d-dd8e-4517-901c-7bd9cc10510a}\chrome\xulcache.jar
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{00da157d-dd8e-4517-901c-7bd9cc10510a}\defaults\preferences\xulcache.js
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{00da157d-dd8e-4517-901c-7bd9cc10510a}\install.rdf
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{2ba9fabf-300a-45bf-9538-b4272bf4e9eb}
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{2ba9fabf-300a-45bf-9538-b4272bf4e9eb}\chrome.manifest
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{2ba9fabf-300a-45bf-9538-b4272bf4e9eb}\chrome\xulcache.jar
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{2ba9fabf-300a-45bf-9538-b4272bf4e9eb}\defaults\preferences\xulcache.js
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{2ba9fabf-300a-45bf-9538-b4272bf4e9eb}\install.rdf
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{3fdb1d81-9545-48a0-96a8-a879b33feb8f}
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{3fdb1d81-9545-48a0-96a8-a879b33feb8f}\chrome.manifest
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{3fdb1d81-9545-48a0-96a8-a879b33feb8f}\chrome\xulcache.jar
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{3fdb1d81-9545-48a0-96a8-a879b33feb8f}\defaults\preferences\xulcache.js
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{3fdb1d81-9545-48a0-96a8-a879b33feb8f}\install.rdf
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{647d08b6-e2cc-43b1-b0b1-f186f369b21c}
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{647d08b6-e2cc-43b1-b0b1-f186f369b21c}\chrome.manifest
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{647d08b6-e2cc-43b1-b0b1-f186f369b21c}\chrome\xulcache.jar
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{647d08b6-e2cc-43b1-b0b1-f186f369b21c}\defaults\preferences\xulcache.js
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{647d08b6-e2cc-43b1-b0b1-f186f369b21c}\install.rdf
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{bf4c6c81-6298-4a48-9363-7ac92ac54388}
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{bf4c6c81-6298-4a48-9363-7ac92ac54388}\chrome.manifest
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{bf4c6c81-6298-4a48-9363-7ac92ac54388}\chrome\xulcache.jar
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{bf4c6c81-6298-4a48-9363-7ac92ac54388}\defaults\preferences\xulcache.js
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{bf4c6c81-6298-4a48-9363-7ac92ac54388}\install.rdf
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{c39c1744-0bf9-4160-8dfd-389e141f2d85}
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{c39c1744-0bf9-4160-8dfd-389e141f2d85}\chrome.manifest
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{c39c1744-0bf9-4160-8dfd-389e141f2d85}\chrome\xulcache.jar
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{c39c1744-0bf9-4160-8dfd-389e141f2d85}\defaults\preferences\xulcache.js
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{c39c1744-0bf9-4160-8dfd-389e141f2d85}\install.rdf
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{cebcb5ab-2614-4306-a4d6-adac7293bf57}
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{cebcb5ab-2614-4306-a4d6-adac7293bf57}\chrome.manifest
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{cebcb5ab-2614-4306-a4d6-adac7293bf57}\chrome\xulcache.jar
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{cebcb5ab-2614-4306-a4d6-adac7293bf57}\defaults\preferences\xulcache.js
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{cebcb5ab-2614-4306-a4d6-adac7293bf57}\install.rdf
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{d149ea64-40b0-4daa-b957-b25da6e33e49}
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{d149ea64-40b0-4daa-b957-b25da6e33e49}\chrome.manifest
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{d149ea64-40b0-4daa-b957-b25da6e33e49}\chrome\xulcache.jar
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{d149ea64-40b0-4daa-b957-b25da6e33e49}\defaults\preferences\xulcache.js
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{d149ea64-40b0-4daa-b957-b25da6e33e49}\install.rdf
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{fac1e032-73b1-4595-9c2c-59a53eb862ce}
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{fac1e032-73b1-4595-9c2c-59a53eb862ce}\chrome.manifest
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{fac1e032-73b1-4595-9c2c-59a53eb862ce}\chrome\xulcache.jar
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{fac1e032-73b1-4595-9c2c-59a53eb862ce}\defaults\preferences\xulcache.js
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\itbojcy8.default\extensions\{fac1e032-73b1-4595-9c2c-59a53eb862ce}\install.rdf
C:\systemsvc
c:\systemsvc\686873AD780208D
c:\windows\system32\adsmsext32.dll
c:\windows\system32\BSTIEPrintCtl1.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-18 to 2011-08-18 )))))))))))))))))))))))))))))))
.
.
2011-08-18 12:34 . 2011-08-18 12:34 -------- d-----w- c:\program files\TweetDeck
2011-08-18 09:15 . 2011-08-18 09:15 -------- d-----w- c:\program files\CCleaner
2011-08-17 19:51 . 2011-08-17 19:51 -------- d-----w- c:\program files\Common Files\Java
2011-08-17 19:51 . 2011-08-17 19:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-17 19:51 . 2011-08-17 19:51 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-08-17 19:51 . 2011-08-17 19:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-15 20:30 . 2011-08-15 20:30 157184 ----a-w- c:\windows\system32\kbdbene32.dll
2011-08-15 10:53 . 2011-08-15 10:53 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-08-11 10:09 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-11 10:06 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-15 10:57 . 2011-06-07 12:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-29 18:39 . 2011-02-24 00:19 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-07-15 13:29 . 2004-08-04 08:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 01:21 . 2010-06-30 14:38 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2011-07-08 14:02 . 2004-08-04 08:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 23:52 . 2011-03-18 02:48 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2011-03-18 02:48 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43 . 2010-11-08 14:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-11-08 14:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-03-18 12:08 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-11-08 14:44 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-11-08 14:44 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2010-11-08 14:44 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2010-11-08 14:44 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2010-11-08 14:44 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-11-08 14:44 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2010-11-08 14:44 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-24 14:10 . 2004-08-04 08:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-08-04 08:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-04 08:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2004-08-04 08:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-18 12:38 . 2011-07-07 14:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}]
2011-01-17 14:54 175912 ----a-w- c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFre2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFre2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F999A48B-1950-4D81-9971-79018F807B4B}"= "c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFre2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2011-08-04 19:15 3512088 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2011-08-04 19:15 3512088 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-06-09 82224]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2008-05-14 61440]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-05 141848]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-06-08 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2010-12-15 75072]
"RDVCHG"="c:\program files\Sprint\Sprint SmartView\RDVCHG.exe" [2010-12-15 316736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-05 170520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
rugau.exe [2011-8-16 138240]
.
c:\documents and settings\Guest\Start Menu\Programs\Startup\
gesexe.exe [2011-8-16 138240]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-3-31 576104]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2011-8-4 3674904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-05-15 23:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-05-15 23:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\kbdbene32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-06-05 10:09 150040 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sprint\\Sprint SmartView\\SwiApiMux.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Sprint\\Sprint SmartView\\bmop.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Canon\\DIAS\\CnxDIAS.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\Blubster\\Blubster.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [3/28/2008 6:14 AM 24064]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/18/2011 8:08 AM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/8/2010 10:44 AM 309848]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 7:08 PM 182576]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/8/2010 10:44 AM 19544]
R2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [1/11/2010 3:10 PM 82944]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [5/14/2008 4:41 PM 34184]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [6/24/2008 8:19 AM 193840]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - BMLoad
*Deregistered* - uxryipow
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033327205-2210466045-1936097793-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-13 21:14]
.
2011-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033327205-2210466045-1936097793-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-13 21:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2737658
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=all&pf=cmnb
TCP: Interfaces\{5F3ACD67-FDA0-46FF-B169-A90C6FDC8578}: NameServer = 68.28.250.92 68.28.242.91
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0DB186C1-71FA-46FC-B8FE-ABA6E48429Fe} - c:\windows\system32\adsmsext32.dll
BHO-{122833C0-4DC4-4AFD-AFF5-68EF35C4834b} - c:\windows\system32\adsmsext32.dll
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-08-18 13:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe???????????????????????|?M?|?????M?|[email protected]
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3033327205-2210466045-1936097793-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,ce,7c,3f,f3,61,97,46,b6,3d,dd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a5,37,a8,ce,b8,4d,c5,46,80,52,ee,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,ce,7c,3f,f3,61,97,46,b6,3d,dd,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1144)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll
.
Completion time: 2011-08-18 13:09:48
ComboFix-quarantined-files.txt 2011-08-18 17:09
.
Pre-Run: 281,383,743,488 bytes free
Post-Run: 282,605,608,960 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - C961F600BE85B51214E7B7FB787BE1E4
Old 08-18-2011, 11:31 AM   #7
TSF Security Manager
Emeritus
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



TeaTimer is enabled. Please disable it for the duration of our fixes.

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent our tools from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your logs are clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Double Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.

Please go to: VirusTotal
  • On the page you'll find a "Browse" button.
  • Click on the Browse button.
  • In the Choose File to Upload window which opens, copy and paste this into the File Name box.

    c:\windows\system32\kbdbene32.dll
  • Next, click the Open button.
  • Then click the "Send File " button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Once scanned, copy and paste the link to the results page in your next reply.



Please repeat for the following files:
  • c:\documents and settings\Default User\Start Menu\Programs\Startup\rugau.exe
  • c:\documents and settings\Guest\Start Menu\Programs\Startup\gesexe.exe
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
Old 08-18-2011, 12:06 PM   #8
Registered Member
 
Join Date: Aug 2011
Posts: 28
OS: XP



Hi tetonbob,

I disabled the Tea Timer as you outlined.

However, the link you sent wouldn't open (it thought you meant hxxp://www.virustotal.coml) so I also tried hxxp://www.virustotal.com... but this wouldn't load either.

Is there a different website I can try?
Old 08-18-2011, 02:09 PM   #9
Registered Member
 
Join Date: Aug 2011
Posts: 28
OS: XP



Okay, I waited a while and tried the website you suggested again. This time it worked!

Here are the results links for each file (each one did need to be reanalyzed):

VirusTotal - Free Online Virus, Malware and URL Scanner

VirusTotal - Free Online Virus, Malware and URL Scanner

VirusTotal - Free Online Virus, Malware and URL Scanner

Thanks again for your help!
Old 08-18-2011, 03:21 PM   #10
TSF Security Manager
Emeritus
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  2. Open notepad and copy/paste the text in the quotebox below into it:


    Code:
    https://www.techsupportforum.com/forums/f50/search-engines-bing-yahoo-and-all-google-pages-mail-calendar-refuse-to-load-595020.html#post3401284
    Collect::
    C:\windows\system32\kbdbene32.dll
    c:\documents and settings\Default User\Start Menu\Programs\Startup\rugau.exe
    c:\documents and settings\Guest\Start Menu\Programs\Startup\gesexe.exe
    Comment::
    End copy here


    Save this as CFScript.txt




    Referring to the picture above, drag CFScript.txt into ComboFix.exe
  3. ComboFix may request an update; please allow it.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    **Note**

    When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
    • Ensure you are connected to the internet and click OK on the message box.

    Please let me know if the file was successfully submitted. Thanks.

    ------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
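As an added Python example (my code, not the thread's or ComboFix's), a first triage pass over the "Reg Loading Points" part of the log above: it flags the AppInit_DLLs entry and the Startup-folder executables under Default User and Guest, which are exactly the three files the Collect:: script pulls, and notes that the two Startup items share one file size. The sample log text inside is constructed from the lines posted in this thread.

```python
"""Triage pass over the "Reg Loading Points" part of a ComboFix log.

Added example, not part of this thread or of ComboFix. It flags a non-empty
AppInit_DLLs value (on XP that DLL is loaded into every process that loads
user32.dll, so the value is normally empty), executables in the Startup folder
of profiles that should have none (Default User, Guest), and the tell that one
file size recurs in several profiles' Startup folders. Sample lines are
constructed from the log posted in this thread.
"""
import re
from collections import defaultdict

# Constructed sample: a cut-down copy of the relevant log lines.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\kbdbene32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-05 141848]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
rugau.exe [2011-8-16 138240]
.
c:\documents and settings\Guest\Start Menu\Programs\Startup\
gesexe.exe [2011-8-16 138240]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-3-31 576104]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
"""

# Profiles whose Startup folder is empty on a normal XP install.
UNEXPECTED_STARTUP_PROFILES = {"default user", "guest"}
STARTUP_PATH = "c:\\documents and settings\\{}\\Start Menu\\Programs\\Startup\\{}"
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(?P<value>.*)$', re.IGNORECASE)
STARTUP_DIR_RE = re.compile(
    r"^c:\\documents and settings\\(?P<profile>[^\\]+)\\start menu\\programs\\startup\\$",
    re.IGNORECASE,
)
# "rugau.exe [2011-8-16 138240]" or "Foo.lnk - c:\...\foo.exe [2008-3-31 576104]"
ENTRY_RE = re.compile(r"^(?P<name>.+?)\s+\[(?P<date>\S+)\s+(?P<size>\d+)\]$")


def triage(log_text):
    """Return findings as dicts with kind, path and reason, in log order."""
    findings = []
    startup_entries = []   # (profile, name, size) for every Startup item seen
    profile = None         # Startup folder whose entries are being read
    for raw in log_text.splitlines():
        line = raw.strip()
        if line in ("", "."):          # "." separates ComboFix log sections
            profile = None
            continue
        m = APPINIT_RE.match(line)
        if m:
            value = m.group("value").strip().strip('"')
            if value:
                findings.append({"kind": "appinit_dll", "path": value,
                                 "reason": "AppInit_DLLs is normally empty; "
                                           "this DLL is loaded into every GUI process"})
            continue
        m = STARTUP_DIR_RE.match(line)
        if m:
            profile = m.group("profile")
            continue
        if profile is None:
            continue
        m = ENTRY_RE.match(line)
        name = m.group("name") if m else line
        size = int(m.group("size")) if m else None
        startup_entries.append((profile, name, size))
        if profile.lower() in UNEXPECTED_STARTUP_PROFILES:
            findings.append({"kind": "startup_item",
                             "path": STARTUP_PATH.format(profile, name),
                             "reason": f"profile '{profile}' should have no Startup items"})
    # Same size in more than one profile's Startup folder: one dropper, several copies.
    by_size = defaultdict(set)
    for prof, name, size in startup_entries:
        if size is not None:
            by_size[size].add((prof, name))
    for size, items in sorted(by_size.items()):
        if len({prof for prof, _ in items}) > 1:
            findings.append({"kind": "startup_clone",
                             "path": ", ".join(sorted(f"{p}: {n}" for p, n in items)),
                             "reason": f"{len(items)} Startup items of identical size {size}"})
    return findings


def collect_paths(findings):
    """Files worth pulling for analysis (what the Collect:: script lists)."""
    return sorted({f["path"] for f in findings
                   if f["kind"] in ("appinit_dll", "startup_item")})


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f['kind']}] {f['path']}\n    {f['reason']}")
    print("collect:", *collect_paths(results), sep="\n  ")
```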
Old 08-18-2011, 04:18 PM   #11
Registered Member
 
Join Date: Aug 2011
Posts: 28
OS: XP



Hi again,

The program got stuck again during loading on the C:\32788R22FWJFW file and I had to force quit and restart. Then I had to ignore C:\32788R22FWJFW\iexplore.exe and it paused at the C:\32788R22FWJFW file but eventually finished loading. The program ran, it restarted my computer, it said that the log would be saved, and it also said that everything was submitted.

Here is the log that popped up on my computer when it finished:

ComboFix 11-08-18.02 - Administrator 08/18/2011 17:41:12.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3001.1352 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
file zipped: c:\documents and settings\Default User\Start Menu\Programs\Startup\rugau.exe
file zipped: c:\documents and settings\Guest\Start Menu\Programs\Startup\gesexe.exe
file zipped: c:\windows\system32\kbdbene32.dll
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\kbdbene32.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-18 to 2011-08-18 )))))))))))))))))))))))))))))))
.
.
2011-08-18 12:34 . 2011-08-18 12:34 -------- d-----w- c:\program files\TweetDeck
2011-08-18 09:15 . 2011-08-18 09:15 -------- d-----w- c:\program files\CCleaner
2011-08-17 19:51 . 2011-08-17 19:51 -------- d-----w- c:\program files\Common Files\Java
2011-08-17 19:51 . 2011-08-17 19:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-17 19:51 . 2011-08-17 19:51 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-08-17 19:51 . 2011-08-17 19:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-15 10:53 . 2011-08-15 10:53 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-08-11 10:09 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-11 10:06 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-15 10:57 . 2011-06-07 12:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-29 18:39 . 2011-02-24 00:19 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-07-15 13:29 . 2004-08-04 08:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 01:21 . 2010-06-30 14:38 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2011-07-08 14:02 . 2004-08-04 08:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 23:52 . 2011-03-18 02:48 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2011-03-18 02:48 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43 . 2010-11-08 14:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-11-08 14:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-03-18 12:08 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-11-08 14:44 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-11-08 14:44 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2010-11-08 14:44 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2010-11-08 14:44 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2010-11-08 14:44 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-11-08 14:44 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2010-11-08 14:44 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-24 14:10 . 2004-08-04 08:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-08-04 08:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-04 08:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2004-08-04 08:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-18 12:38 . 2011-07-07 14:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [email protected]_17.01.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-18 22:02 . 2011-08-18 22:02 16384 c:\windows\Temp\Perflib_Perfdata_7b4.dat
+ 2011-08-18 22:02 . 2011-08-18 22:02 16384 c:\windows\Temp\Perflib_Perfdata_77c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}]
2011-01-17 14:54 175912 ----a-w- c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFre2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFre2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F999A48B-1950-4D81-9971-79018F807B4B}"= "c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFre2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2011-08-04 19:15 3512088 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2011-08-04 19:15 3512088 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-06-09 82224]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2008-05-14 61440]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-05 141848]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-06-08 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2010-12-15 75072]
"RDVCHG"="c:\program files\Sprint\Sprint SmartView\RDVCHG.exe" [2010-12-15 316736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-05 170520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
rugau.exe [2011-8-16 138240]
.
c:\documents and settings\Guest\Start Menu\Programs\Startup\
gesexe.exe [2011-8-16 138240]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-3-31 576104]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2011-8-4 3674904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-05-15 23:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-05-15 23:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-06-05 10:09 150040 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sprint\\Sprint SmartView\\SwiApiMux.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Sprint\\Sprint SmartView\\bmop.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Canon\\DIAS\\CnxDIAS.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\Blubster\\Blubster.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [3/28/2008 6:14 AM 24064]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/18/2011 8:08 AM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/8/2010 10:44 AM 309848]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 7:08 PM 182576]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/8/2010 10:44 AM 19544]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [5/14/2008 4:41 PM 34184]
R2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [1/11/2010 3:10 PM 82944]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [6/24/2008 8:19 AM 193840]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - BMLoad
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033327205-2210466045-1936097793-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-13 21:14]
.
2011-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033327205-2210466045-1936097793-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-13 21:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2737658
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=all&pf=cmnb
uInternet Settings,ProxyOverride = <local>
TCP: Interfaces\{5F3ACD67-FDA0-46FF-B169-A90C6FDC8578}: NameServer = 68.28.250.92 68.28.242.91
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0DB186C1-71FA-46FC-B8FE-ABA6E48429Fe} - (no file)
BHO-{122833C0-4DC4-4AFD-AFF5-68EF35C4834b} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-08-18 18:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe???????????????????????|?M?|?????M?|[email protected]
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3033327205-2210466045-1936097793-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,ce,7c,3f,f3,61,97,46,b6,3d,dd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a5,37,a8,ce,b8,4d,c5,46,80,52,ee,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,ce,7c,3f,f3,61,97,46,b6,3d,dd,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1184)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll
.
- - - - - - - > 'explorer.exe'(3376)
c:\windows\system32\WININET.dll
c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\program files\MozyHome\mozyshell.dll
c:\program files\MozyHome\LIBEAY32.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\DIAS\CnxDIAS.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\MozyHome\mozybackup.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-08-18 18:11:17 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-18 22:11
ComboFix2.txt 2011-08-18 17:09
.
Pre-Run: 282,424,827,904 bytes free
Post-Run: 282,537,709,568 bytes free
.
- - End Of File - - 30016A277757D94D1815C44988377650
Upload was successful
Old 08-18-2011, 04:33 PM   #12
TSF Security Manager
Emeritus
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



I think something is interfering with the unpacking procedure. We're going to run ComboFix again in Safe Mode. Do not prematurely end it. Sometimes, things can take a good while longer than the message of the tool indicates.


Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Note: you have this Conduit toolbar installed. Conduit toolbars are listed as "O" or Open to debate.

Quote:
The classification of this entry is open to debate.

It may offer or exhibit borderline or questionable behavior. Read the description for more details.

FreeOnlineRadioPlayerRecorder Toolbar

SystemLookup - Global Search

Your choice whether to keep it, but I thought you should be informed.

=====================
  1. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  2. Open notepad and copy/paste the text in the quotebox below into it:

    Quote:
    File::
    c:\documents and settings\Default User\Start Menu\Programs\Startup\rugau.exe
    c:\documents and settings\Guest\Start Menu\Programs\Startup\gesexe.exe


    Save this as CFScript.txt

    Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

    ---------------------------------------------------------------------------------------------

    Referring to the picture above, drag CFScript.txt into ComboFix.exe

  3. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. If it does, reboot back into Safe Mode until a log is produced.
  4. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  5. Ensure your AntiVirus and AntiSpyware applications are re-enabled.


    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
Old 08-18-2011, 05:08 PM   #13
robynrld (Registered Member)
OS: XP

Hi again and thanks for your quick responses :)

I don't know what that radio toolbar thing is - can you tell me how to remove it?

When I opened in "Safe Mode", I got a full screen of "multi(0)disk(0)rdisk(0)partition(1)..[not sure what was here, win32-something I think]..drivers..[individual file names]".

Then I ran the program and it didn't stall or anything.

Here is the file it produced:


ComboFix 11-08-18.02 - Administrator 08/18/2011 18:52:11.3.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3001.2568 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\Default User\Start Menu\Programs\Startup\rugau.exe"
"c:\documents and settings\Guest\Start Menu\Programs\Startup\gesexe.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\rugau.exe
c:\documents and settings\Guest\Start Menu\Programs\Startup\gesexe.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-18 to 2011-08-18 )))))))))))))))))))))))))))))))
.
.
2011-08-18 12:34 . 2011-08-18 12:34 -------- d-----w- c:\program files\TweetDeck
2011-08-18 09:15 . 2011-08-18 09:15 -------- d-----w- c:\program files\CCleaner
2011-08-17 19:51 . 2011-08-17 19:51 -------- d-----w- c:\program files\Common Files\Java
2011-08-17 19:51 . 2011-08-17 19:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-17 19:51 . 2011-08-17 19:51 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-08-17 19:51 . 2011-08-17 19:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-15 10:53 . 2011-08-15 10:53 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-08-11 10:09 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-11 10:06 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-15 10:57 . 2011-06-07 12:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-29 18:39 . 2011-02-24 00:19 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-07-15 13:29 . 2004-08-04 08:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 01:21 . 2010-06-30 14:38 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2011-07-08 14:02 . 2004-08-04 08:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 23:52 . 2011-03-18 02:48 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2011-03-18 02:48 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43 . 2010-11-08 14:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-11-08 14:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-03-18 12:08 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-11-08 14:44 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-11-08 14:44 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2010-11-08 14:44 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2010-11-08 14:44 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2010-11-08 14:44 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-11-08 14:44 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2010-11-08 14:44 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-24 14:10 . 2004-08-04 08:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-08-04 08:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-04 08:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2004-08-04 08:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-18 12:38 . 2011-07-07 14:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}]
2011-01-17 14:54 175912 ----a-w- c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFre2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFre2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F999A48B-1950-4D81-9971-79018F807B4B}"= "c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFre2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2011-08-04 19:15 3512088 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2011-08-04 19:15 3512088 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-06-09 82224]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2008-05-14 61440]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-05 141848]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-06-08 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2010-12-15 75072]
"RDVCHG"="c:\program files\Sprint\Sprint SmartView\RDVCHG.exe" [2010-12-15 316736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-05 170520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-3-31 576104]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2011-8-4 3674904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-05-15 23:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-05-15 23:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-06-05 10:09 150040 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sprint\\Sprint SmartView\\SwiApiMux.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Sprint\\Sprint SmartView\\bmop.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Canon\\DIAS\\CnxDIAS.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\Blubster\\Blubster.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [3/28/2008 6:14 AM 24064]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/18/2011 8:08 AM 441176]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/8/2010 10:44 AM 309848]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 7:08 PM 182576]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/8/2010 10:44 AM 19544]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [5/14/2008 4:41 PM 34184]
S2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [1/11/2010 3:10 PM 82944]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [6/24/2008 8:19 AM 193840]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - BMLoad
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033327205-2210466045-1936097793-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-13 21:14]
.
2011-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033327205-2210466045-1936097793-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-13 21:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2737658
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=all&pf=cmnb
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ltgdl92n.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-08-18 18:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe???????????????????????|?M?|?????M?|[email protected]
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3033327205-2210466045-1936097793-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,ce,7c,3f,f3,61,97,46,b6,3d,dd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a5,37,a8,ce,b8,4d,c5,46,80,52,ee,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,ce,7c,3f,f3,61,97,46,b6,3d,dd,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(312)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll
.
Completion time: 2011-08-18 19:00:14
ComboFix-quarantined-files.txt 2011-08-18 23:00
ComboFix2.txt 2011-08-18 22:12
ComboFix3.txt 2011-08-18 17:09
.
Pre-Run: 285,633,654,784 bytes free
Post-Run: 285,615,411,200 bytes free
.
- - End Of File - - D8144C534726F8E434E37AA5C15409FB
Old 08-18-2011, 07:08 PM   #14
tetonbob (TSF Security Manager Emeritus)
OS: XP Pro; XP Home; Win7 x86 & x64

The black screen with scrolling white letters is normal while waiting for Safe Mode to load. Success!

Uninstall the following via the Add/Remove Panel (Start -> Control Panel -> Add or Remove Programs):

FreeOnlineRadioPlayerRecorder Toolbar

---------------------------------------------------------------------------------------------

Once you've done that, run the DDS tool once again, and send its new logs.
Old 08-18-2011, 07:44 PM   #15
robynrld (Registered Member)
OS: XP

Okay, I think I removed the radio toolbar and I'm glad to hear the screen is normal.

It seems like everything is up and running properly... but you tell me to be sure ;)

Here is the scan document (and I've attached the zip file as before):


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Administrator at 21:16:30 on 2011-08-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3001.1466 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\AccelerometerSt.Exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe
C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\mqsvc.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Sprint\Sprint SmartView\bmctl.exe
C:\Program Files\Sprint\Sprint SmartView\SwiApiMuxCdma.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Sprint\Sprint SmartView\bmop.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2737658
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=all&pf=cmnb
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.Exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [RDVCHG] "c:\program files\sprint\sprint smartview\RDVCHG.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{5F3ACD67-FDA0-46FF-B169-A90C6FDC8578} : NameServer = 68.28.250.92 68.28.242.91
TCP: Interfaces\{FDB2F962-36AC-49AF-8359-361602F25111} : DhcpNameServer = 168.94.0.14 168.94.0.15
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ltgdl92n.default\
FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCltInst11.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCltInstall.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-3-28 24064]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-18 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-8 309848]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-15 182576]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-8 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-8 42184]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-5-14 34184]
R2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2010-1-11 82944]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-6-24 193840]
.
=============== Created Last 30 ================
.
2011-08-18 16:36:59 -------- d-sha-r- C:\cmdcons
2011-08-18 16:33:12 98816 ----a-w- c:\windows\sed.exe
2011-08-18 16:33:12 518144 ----a-w- c:\windows\SWREG.exe
2011-08-18 16:33:12 256000 ----a-w- c:\windows\PEV.exe
2011-08-18 16:33:12 208896 ----a-w- c:\windows\MBR.exe
2011-08-18 12:34:58 -------- d-----w- c:\program files\TweetDeck
2011-08-18 09:15:04 -------- d-----w- c:\program files\CCleaner
2011-08-17 19:51:20 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-17 19:51:20 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-08-17 19:51:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-11 10:09:00 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-11 10:06:58 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
.
==================== Find3M ====================
.
2011-08-15 10:57:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-29 18:39:17 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 01:21:36 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 21:22:52.67 ===============
Attached Files
File Type: zip ark.zip (22.2 KB, 40 views)
robynrld is offline  
Old 08-18-2011, 08:01 PM   #16
TSF Security Manager
Emeritus
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



This last trace of Conduit toolbar is your Start Page in Internet Explorer.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2737658

If you did not intentionally set that, you should be able to manually change that.

Go to Start > Run and copy/paste the following, then press Enter

inetcpl.cpl

On the General tab, under Home Page, type in your desired Start page, such as https://www.google.com then Apply and OK. Let me know if it presents a problem for you.

Next....

I see that you have Malwarebytes' Anti-Malware installed.

Please update its definitions, and run a new Quick Scan.
  • Launch Malwarebytes' Anti-malware
  • On the updates tab, click on Check for Updates
  • If an update is found, it will begin. Once the update is complete...
  • Click on the Scanner tab. Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop. Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
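A small audit script, added here as an example and not part of this thread, DDS or any tool the helper uses: it reads DDS-style log lines such as those quoted above and flags a start page pointing at search.conduit.com plus Firefox user.js prefs that silence security warnings. The sample lines are constructed to mirror the log posted in this thread.

```python
import re
from urllib.parse import urlparse

# Constructed sample shaped like the DDS log lines quoted earlier in this thread
SAMPLE_LOG = r"""
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2737658
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
"""

# user.js prefs that, at the listed value, turn off Firefox's mixed-content
# and insecure-form-submission warnings (values taken from the log above)
WEAKENING_PREFS = {
    "security.warn_viewing_mixed": "false",
    "security.warn_viewing_mixed.show_once": "false",
    "security.warn_submit_insecure": "false",
    "security.warn_submit_insecure.show_once": "false",
}

# Start-page hosts treated as toolbar residue; the thread identifies search.conduit.com
SUSPECT_START_HOSTS = {"search.conduit.com"}

START_RE = re.compile(r"^[um]Start Page = (\S+)")          # uStart Page / mStart Page
PREF_RE = re.compile(r"^FF - user\.js: (\S+) - (\S+)")      # FF - user.js: name - value

def refang(url):
    """DDS prints hxxp:// so pasted URLs are not clickable; restore the scheme."""
    return re.sub(r"^hxxp", "http", url, count=1)

def start_page_host(url):
    """Hostname of a DDS start-page URL, lower-cased for comparison."""
    return urlparse(refang(url)).netloc.lower()

def audit(log_text):
    """Return (kind, detail) findings for hijacked start pages and weakened prefs."""
    findings = []
    for line in log_text.splitlines():
        m = START_RE.match(line)
        if m:
            host = start_page_host(m.group(1))
            if host in SUSPECT_START_HOSTS:
                findings.append(("start_page", host))
            continue
        m = PREF_RE.match(line)
        if m and WEAKENING_PREFS.get(m.group(1)) == m.group(2):
            findings.append(("weak_pref", m.group(1)))
    return findings
```

Running `audit(SAMPLE_LOG)` reports the Conduit start page and the four silenced warnings, while the cookie prefs, which are a privacy setting rather than a disabled warning, are left alone.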
Old 08-18-2011, 08:32 PM   #17
Registered Member
 
Join Date: Aug 2011
Posts: 28
OS: XP



Okay, I changed the homepage and that seems to be okay.

I tried to update Malwarebytes, but it says - "Run-time error '6': Overflow" - and then closes itself.

I've tried it a couple times and it keeps giving the same error...
robynrld is offline  
Old 08-18-2011, 08:51 PM   #18
TSF Security Manager
Emeritus
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



If you're using the PRO version, be sure to have your ID and Key handy first.


Do the following in this order:

1. Download and run this utility.
2. It will ask to restart your computer (please allow it to).
3. After the computer restarts, install the latest version from here.

Note: You will need to reactivate the program using the license you were sent via e-mail if you purchased it.

Once installed, update and run a new Quick Scan.
tetonbob is offline  
Old 08-18-2011, 08:53 PM   #19
Registered Member
 
Join Date: Aug 2011
Posts: 28
OS: XP



Is it the same process if I'm using the free version (which I am)? I don't think I have any codes for that program...
robynrld is offline  
Old 08-18-2011, 09:03 PM   #20
TSF Security Manager
Emeritus
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64



Yes, it is.
tetonbob is offline  